Open mirone85 opened 1 week ago
Some more info (I'm having the same problem). @manicminer is this related to #1497 ?
Terraform Plan when using the AzureAD 3.x provider detects changes:
# azuread_conditional_access_policy.policy-name-here will be updated in-place
~ resource "azuread_conditional_access_policy" "policy-name-here" {
id = "/identity/conditionalAccess/policies/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# (3 unchanged attributes hidden)
~ conditions {
# (4 unchanged attributes hidden)
~ locations {
~ excluded_locations = [
- "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+ "/identity/conditionalAccess/namedLocations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
]
# (1 unchanged attribute hidden)
}
# (4 unchanged blocks hidden)
}
# (1 unchanged block hidden)
}
The Terraform Apply outputs:
Error: Could not update conditional access policy with ID: "/identity/conditionalAccess/policies/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
│
│ with azuread_conditional_access_policy.policy-name-here,
│ on file-name.tf line 11, in resource "azuread_conditional_access_policy" "policy-name-here":
│ 11: resource "azuread_conditional_access_policy" "policy-name-here" {
│
│ unexpected status 400 (400 Bad Request) with error: BadRequest: 1040:
│ NamedLocation with id
│ /identity/conditionalAccess/namedLocations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
│ does not exist in the directory.
We are also having this issue
# azuread_conditional_access_policy.xx will be updated in-place
~ resource "azuread_conditional_access_policy" "xx" {
id = "/identity/conditionalAccess/policies/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx""
# (3 unchanged attributes hidden)
~ conditions {
# (4 unchanged attributes hidden)
~ locations {
~ excluded_locations = [
~ "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"" -> "/identity/conditionalAccess/namedLocations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
]
# (1 unchanged attribute hidden)
}
# (3 unchanged blocks hidden)
}
# (1 unchanged block hidden)
}
Thanks for the report - presuming that the UUIDs match, I'll see if I can put in some diff suppression for that.
Yes, the UUIDs match.
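Added example, not part of the thread and not the provider's code: one way to tell a format-only diff like the ones above from a real change to `excluded_locations` is to normalize both ID forms to a bare UUID before comparing. The function names `normalizeLocationID` and `locationDrift` are hypothetical, and the sample UUID is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Path prefix as it appears in the plan output quoted in this thread.
const namedLocationPrefix = "/identity/conditionalAccess/namedLocations/"

var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// normalizeLocationID reduces either ID form to a lowercase bare UUID; other values pass through.
func normalizeLocationID(id string) string {
	bare := strings.TrimPrefix(id, namedLocationPrefix)
	if uuidRe.MatchString(bare) {
		return strings.ToLower(bare)
	}
	return id
}

// locationDrift returns the entries really added to or removed from the list
// once both sides are normalized; both empty means the diff is format-only.
func locationDrift(before, after []string) (added, removed []string) {
	seen := map[string]int{} // bit 1: present before, bit 2: present after
	for _, id := range before {
		seen[normalizeLocationID(id)] |= 1
	}
	for _, id := range after {
		seen[normalizeLocationID(id)] |= 2
	}
	for id, side := range seen {
		switch side {
		case 1:
			removed = append(removed, id)
		case 2:
			added = append(added, id)
		}
	}
	sort.Strings(added)
	sort.Strings(removed)
	return added, removed
}

func main() {
	id := "11111111-2222-3333-4444-555555555555" // constructed sample value
	added, removed := locationDrift([]string{id}, []string{namedLocationPrefix + id})
	fmt.Println("format-only:", len(added)+len(removed) == 0)
}
```

Fed the before and after lists of a planned change, a non-empty result means a named location is actually being added to or dropped from the policy's exclusions and deserves review before apply.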
Is there any feedback?
@manicminer any update on when this will get resolved?
Is there any feedback on when this will be resolved?
Any update on when this will be resolved?
Community Note
Terraform (and AzureAD Provider) Version
3.0.0 and 3.0.1
Affected Resource(s)
azuread_named_location
Terraform Configuration Files
Debug Output
Panic Output
Expected Behavior
Terraform should find the GUID of the existing named location.
Actual Behavior
terraform plan tries to install a new named location in this form: /identity/conditionalAccess/namedLocations/xxxxxx
Steps to Reproduce
Go to Azure AD provider 3.0.0 or 3.0.1, edit an existing named location (by adding a new IP, for example), run terraform plan
terraform apply
Important Factoids
References